﻿using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Web.Configuration;
using System.Data.SqlClient;
using System.Data.Sql;

namespace RestaurantManagerWebApp.Pages.UserManagement
{
    
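    public partial class ManagementHome : System.Web.UI.Page
    {
        // Resolved once per page instance from web.config; the connection-string
        // name is the project's own.
        private readonly string connection = System.Configuration.ConfigurationManager.ConnectionStrings["ConnectionString"].ConnectionString;

        // Single denial target so every failed check lands on the same page.
        private const string AccessDeniedUrl = "~/Pages/UserManagement/AccessDenied.aspx";

        /// <summary>
        /// Page entry point. A visitor with no "Username" in session is sent to the
        /// login page; everybody else must pass <see cref="checkAccess"/> before the
        /// page renders. The check runs on every request, postbacks included, so a
        /// changed role takes effect on the next round-trip.
        /// </summary>
        protected void Page_Load(object sender, EventArgs e)
        {
            object user = Session["Username"];
            if (user == null)
            {
                Response.Redirect("UserLogin.aspx");
                return;
            }

            // Response.Redirect ends the request by throwing, so the connection is
            // released by a using block rather than by a trailing Close() that a
            // redirect (or a SQL error) would skip.
            using (SqlConnection conn = new SqlConnection(connection))
            {
                conn.Open();
                checkAccess(user.ToString(), conn);
            }
        }

        /// <summary>
        /// Authorizes the current user for this page and fills the welcome label.
        /// Lookup chain: Users.role for the id, then [Authorization].EmployeeManagement
        /// for that role; only the literal value "allow" grants access. The check is
        /// fail-closed: a missing Users row, a missing Authorization row, or any other
        /// flag value redirects to <see cref="AccessDeniedUrl"/> instead of rendering.
        /// </summary>
        /// <param name="uid">Session user id (matched against Users.u_id and Emp_records.id_no).</param>
        /// <param name="conn">Open connection owned by the caller; it is not closed here.</param>
        private void checkAccess(String uid, SqlConnection conn)
        {
            string role = LookupRole(uid, conn);
            if (role == null || !IsEmployeeManagementAllowed(role, conn))
            {
                Response.Redirect(AccessDeniedUrl);
                return;
            }

            string name = LookupFirstName(uid, conn);
            if (name != null)
            {
                lblWelcome.Text = "Welcome, " + name;
            }
        }

        // Users.role for the given id, or null when no such user exists.
        // A NULL column value comes back as "" (Convert.ToString on DBNull).
        private static string LookupRole(string uid, SqlConnection conn)
        {
            using (SqlCommand cmd = new SqlCommand("Select role from Users where u_id = @uid", conn))
            {
                cmd.Parameters.AddWithValue("@uid", uid);
                object role = cmd.ExecuteScalar();
                return role == null ? null : Convert.ToString(role);
            }
        }

        // True only when the role's EmployeeManagement flag is exactly "allow"
        // (ordinal, case-sensitive comparison); false when the row is missing.
        private static bool IsEmployeeManagementAllowed(string role, SqlConnection conn)
        {
            using (SqlCommand cmd = new SqlCommand("SELECT EmployeeManagement FROM [Authorization] WHERE role=@role", conn))
            {
                cmd.Parameters.AddWithValue("@role", role);
                object status = cmd.ExecuteScalar();
                return status != null
                    && string.Equals(Convert.ToString(status), "allow", StringComparison.Ordinal);
            }
        }

        // Emp_records.fname for the id, or null when there is no row. When several
        // rows match, the last one read wins, as the original loop did.
        private static string LookupFirstName(string uid, SqlConnection conn)
        {
            string name = null;
            using (SqlCommand cmd = new SqlCommand("SELECT fname FROM Emp_records WHERE id_no=@uid", conn))
            {
                cmd.Parameters.AddWithValue("@uid", uid);
                using (SqlDataReader reader = cmd.ExecuteReader())
                {
                    while (reader.Read())
                    {
                        name = Convert.ToString(reader["fname"]);
                    }
                }
            }
            return name;
        }

        /// <summary>Navigates to the employee-add page.</summary>
        protected void btnAddEmp_Click(object sender, EventArgs e)
        {
            Response.Redirect("~/Pages/UserManagement/EmployeeManagementAdd.aspx");
        }

        /// <summary>Navigates to the employee update/delete page.</summary>
        protected void Button1_Click(object sender, EventArgs e)
        {
            Response.Redirect("~/Pages/UserManagement/EmployeeManagementUpdateDelete.aspx");
        }

        /// <summary>Navigates to the test-controls page.</summary>
        protected void Button3_Click(object sender, EventArgs e)
        {
            Response.Redirect("~/Pages/UserManagement/TestControls.aspx");
        }

        /// <summary>
        /// Ends the server-side session (so "Username" is gone on the next request)
        /// and returns the visitor to the login page.
        /// </summary>
        protected void lblLogout_Click(object sender, EventArgs e)
        {
            Session.Abandon();
            Response.Redirect("~/Pages/UserManagement/UserLogin.aspx");
        }
    }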
}